Skip to content

Update eventsource due to CVE-2022-1650 #590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
brycekahle merged 1 commit into from
May 28, 2022
Merged

Update eventsource due to CVE-2022-1650 #590

brycekahle merged 1 commit into from
May 28, 2022

Conversation

@brammitch
Copy link
Contributor

@brammitch brammitch commented May 25, 2022
edited
Loading

All tests passing with npm run test:browser_local

@nathanmillar16 nathanmillar16 mentioned this pull request May 26, 2022
Closed
@brycekahle
Copy link
Contributor

brycekahle commented May 27, 2022
edited
Loading

@brammitch AFAICT sockjs is not affected by the vulnerability because we do not use cookies or Authorization headers.

When fetching an url with a link to an external site (Redirect), the users Cookies & Autorisation headers are leaked to the third party application. According to the same-origin-policy, the header should be "sanitized."

@brycekahle
Copy link
Contributor

brycekahle commented May 27, 2022

I'll publish an update this evening

@brycekahle brycekahle mentioned this pull request May 27, 2022
Closed
@brycekahle brycekahle merged commit f19946b into sockjs:main May 28, 2022
@pavinrex pavinrex mentioned this pull request Jun 22, 2024
Open
@KarthikSNYK KarthikSNYK mentioned this pull request Jul 6, 2024
Open
@hunorszegediblack hunorszegediblack mentioned this pull request Jul 19, 2024
Open
@hezro hezro mentioned this pull request Aug 31, 2024
Open
@rm-neilsondesa rm-neilsondesa mentioned this pull request Sep 9, 2024
Open
@P-Varshney08 P-Varshney08 mentioned this pull request Sep 10, 2024
Open
@Nagraj-Shankar Nagraj-Shankar mentioned this pull request Sep 11, 2024
Open
@FullBeardDev FullBeardDev mentioned this pull request Sep 11, 2024
Open
@P-Varshney08 P-Varshney08 mentioned this pull request Sep 11, 2024
Open
@basantMishra2956 basantMishra2956 mentioned this pull request Sep 12, 2024
Open
@P-Varshney08 P-Varshney08 mentioned this pull request Sep 13, 2024
Open
@Nagraj-Shankar Nagraj-Shankar mentioned this pull request Sep 13, 2024
Open
@FullBeardDev FullBeardDev mentioned this pull request Sep 13, 2024
Open
@basantMishra2956 basantMishra2956 mentioned this pull request Sep 13, 2024
Open
@rm-neilsondesa rm-neilsondesa mentioned this pull request Sep 13, 2024
Open
@P-Varshney08 P-Varshney08 mentioned this pull request Sep 14, 2024
Open
@basantMishra2956 basantMishra2956 mentioned this pull request Sep 14, 2024
Open
@Nagraj-Shankar Nagraj-Shankar mentioned this pull request Sep 14, 2024
Open
@FullBeardDev FullBeardDev mentioned this pull request Sep 14, 2024
Open
@rm-neilsondesa rm-neilsondesa mentioned this pull request Sep 14, 2024
Open
@Nagraj-Shankar Nagraj-Shankar mentioned this pull request Sep 14, 2024
Open
@P-Varshney08 P-Varshney08 mentioned this pull request Sep 15, 2024
Open
@FullBeardDev FullBeardDev mentioned this pull request Sep 15, 2024
Open
@rm-neilsondesa rm-neilsondesa mentioned this pull request Sep 15, 2024
Open
@P-Varshney08 P-Varshney08 mentioned this pull request Sep 21, 2024
Open
@FullBeardDev FullBeardDev mentioned this pull request Sep 21, 2024
Open
@basantMishra2956 basantMishra2956 mentioned this pull request Sep 21, 2024
Open
@Nagraj-Shankar Nagraj-Shankar mentioned this pull request Sep 21, 2024
Open
@rm-neilsondesa rm-neilsondesa mentioned this pull request Sep 22, 2024
Open
@Nagraj-Shankar Nagraj-Shankar mentioned this pull request Sep 23, 2024
Open
@rm-neilsondesa rm-neilsondesa mentioned this pull request Sep 23, 2024
Open
@chrishamillsnyk chrishamillsnyk mentioned this pull request Sep 29, 2024
Open
@kjharesh kjharesh mentioned this pull request Sep 29, 2024
Open
@yogansnykgit yogansnykgit mentioned this pull request Oct 25, 2024
Open
@Saranjoker Saranjoker mentioned this pull request Oct 26, 2024
Open
@shyamaaron shyamaaron mentioned this pull request Oct 26, 2024
Open
@Gowtham3223108 Gowtham3223108 mentioned this pull request Oct 26, 2024
Open
@udayreddy026 udayreddy026 mentioned this pull request Oct 26, 2024
Open
@moamed-syed moamed-syed mentioned this pull request Oct 27, 2024
Open
@ManPrivate ManPrivate mentioned this pull request Oct 27, 2024
Closed
@sri-sankari sri-sankari mentioned this pull request Oct 28, 2024
Open
@mohankumar931 mohankumar931 mentioned this pull request Oct 28, 2024
Open
@sound25 sound25 mentioned this pull request Oct 29, 2024
Open
@Latha-lgtm Latha-lgtm mentioned this pull request Oct 29, 2024
Open
@GOWTHAMAKURINJIVEANDAN GOWTHAMAKURINJIVEANDAN mentioned this pull request Oct 29, 2024
Open
@ThiruVaithiya ThiruVaithiya mentioned this pull request Oct 30, 2024
Open
@Suriya0802 Suriya0802 mentioned this pull request Oct 30, 2024
Open
@Shriv12 Shriv12 mentioned this pull request Oct 30, 2024
Open
@Ganesh13349 Ganesh13349 mentioned this pull request Oct 31, 2024
Open
@sinnakkrishnan sinnakkrishnan mentioned this pull request Nov 1, 2024
Open
@krithika-manohar krithika-manohar mentioned this pull request Nov 1, 2024
Open
@SAGAYANELSON55 SAGAYANELSON55 mentioned this pull request Nov 1, 2024
Open
@swathi-ra swathi-ra mentioned this pull request Nov 2, 2024
Open
@selvaganesh26 selvaganesh26 mentioned this pull request Nov 5, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brammitch @brycekahle